path: root/source3/include/auth.h
Commit message | Author | Age | Files | Lines
* s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token() | Stefan Metzmacher | 2018-03-20 | 1 | -3/+2
| We only need to adjust sanitized_username in order to keep the same behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit a2a289d0446fedb4ea40834b5b5b190fdca30906)
* s3:auth: remove unused auth_serversupplied_info->system | Stefan Metzmacher | 2018-03-20 | 1 | -1/+0
| BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 28ad1306b880a44824ee956a19656ac29581a1b9)
* lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *) | Jeremy Allison | 2017-04-22 | 1 | -1/+2
| Not currently used - no logic changes inside. This will make it possible to pass down a long-lived talloc context from the loading function for modules to use instead of having them internally all use talloc_autofree_context() which is a hidden global. Updated all known module interface numbers, and added a WHATSNEW. Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
* s3-auth: Clarify the role and purpose of the auth_serversupplied_info->security_token | Andrew Bartlett | 2017-03-29 | 1 | -1/+8
| Signed-off-by: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth: Provide a way to use the auth stack for winbindd authentication | Andrew Bartlett | 2014-06-11 | 1 | -1/+4
| This adds in flags that allow winbindd to request authentication without directly calling into the auth_sam module. That in turn will allow winbindd to call auth_samba4 and so permit winbindd operation in the AD DC. Andrew Bartlett Change-Id: I27d11075eb8e1a54f034ee2fdcb05360b4203567 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Allow auth_samba4 to be forced to run a specific auth module | Andrew Bartlett | 2014-05-16 | 1 | -2/+7
| This will allow new tests to be written to validate winbindd authentication results Andrew Bartlett Change-Id: I008eba1de349b17ee4eb9f11be08338557dffecc Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth: Remove .get_challenge (only used for security=server) | Andrew Bartlett | 2012-07-03 | 1 | -11/+0
| With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionality, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async. Andrew Bartlett
* s3-rpc: Decrypt with the proper session key in CreateTrustedDomainEx2. | Alexander Bokovoy | 2012-03-13 | 1 | -0/+6
| On LSA and SAMR pipes session_key is truncated to 16 bytes when doing encryption/decryption. However, this was not done for trusted domain-related modifying operations. As a result, Samba 4 client libraries do not work against Samba 3 while working against Windows 2008 r2. Solved this by introducing "session_extract_session_key()" function that allows to specify intent of use of the key. Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User: Andreas Schneider <asn@cryptomilk.org> Autobuild-Date: Tue Mar 13 12:23:44 CET 2012 on sn-devel-104
* s3-auth: Remove single-implementation plugin layer | Andrew Bartlett | 2012-03-08 | 1 | -6/+0
| The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context were only ever initialised to a single value. Make it easier to follow by just calling the function directly. Andrew Bartlett
* s3-auth: Add a way to get an auth4_context from the auth stack | Andrew Bartlett | 2012-02-24 | 1 | -1/+6
| This will allow us to use the same layer that auth_ntlmssp does in the non-SPNEGO session setup, which will in turn make the authentication code more consistent in the AD server case. Andrew Bartlett
* s3-auth Remove unused nt_status_squash from auth_context | Andrew Bartlett | 2012-02-01 | 1 | -1/+0
| Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Feb 1 04:18:50 CET 2012 on sn-devel-104
* s3-auth Remove ntlmssp_wrap.h which is no longer required | Andrew Bartlett | 2012-01-05 | 1 | -1/+1
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth use gensec directly rather than via auth_generic_state | Andrew Bartlett | 2012-01-05 | 1 | -1/+1
| This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth re-create the auth context in the s3 ntlmssp server module | Andrew Bartlett | 2012-01-05 | 1 | -9/+0
| This removes the abstraction violation in auth_generic.c. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth rename auth_ntlmssp_state -> auth_generic_state | Andrew Bartlett | 2011-12-22 | 1 | -1/+1
| This structure handles more than NTLMSSP now, at least when we are an AD DC and so changing the name may avoid some confusion in the future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: use typedefs in auth.h | Andrew Bartlett | 2011-10-18 | 1 | -8/+14
| Signed-off-by: Stefan Metzmacher <metze@samba.org>
* selftest: test plugin_s4_dc against all ncacn_np tests | Andrew Bartlett | 2011-08-03 | 1 | -0/+2
| Changes to the s3 epmapper behaviour seem to have fixed the rest of these tests. Andrew Bartlett
* s3-auth clarify the role of these session keys | Andrew Bartlett | 2011-08-03 | 1 | -8/+6
| This comment can be clarified now the auth subsystem does not use the same structure as the rest of the code. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth remove sanitized_username from auth_serversupplied_info | Andrew Bartlett | 2011-08-03 | 1 | -9/+0
| This structure element was only written to, not read. It is filled into the companion structure, auth_session_info() by create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-ntlmssp Split calls to gensec plugin into prepare and start | Andrew Bartlett | 2011-08-03 | 1 | -4/+5
| GENSEC has the concept of starting the GENSEC subsystem before starting the actual mechanism. Between these two stages is when most context methods are called, to specify credentials and features. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Allow auth modules to provide an initialised GENSEC context | Andrew Bartlett | 2011-08-03 | 1 | -0/+9
| This will allow auth plugins such as auth_samba4 to provide an initialised GENSEC context to auth subsystem callers. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth import auth3_session_info into IDL | Andrew Bartlett | 2011-07-20 | 1 | -24/+0
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth remove extra from auth3_session_info | Andrew Bartlett | 2011-07-20 | 1 | -7/+0
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Remove unused nss_token variable | Andrew Bartlett | 2011-07-20 | 1 | -5/+0
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Remove unused lm_session_key from auth3_session_info | Andrew Bartlett | 2011-07-20 | 1 | -1/+0
| The long term authorization state needs only the final, negotiated session key, and not the original LM key that may possibly have been an input. The special case of the guest account simply needs both values filled back in with the zeros to avoid changing behaviour in the cached server_info. Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use system boolean in auth_user_info_unix | Andrew Bartlett | 2011-07-20 | 1 | -2/+0
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use guest boolean in auth_user_info_unix | Andrew Bartlett | 2011-07-20 | 1 | -1/+0
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username | Andrew Bartlett | 2011-07-20 | 1 | -10/+1
| This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Use *unix_token rather than utok in struct auth3_session_info | Andrew Bartlett | 2011-07-20 | 1 | -1/+1
| This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Add struct auth3_session_info to aid transition to auth_session info | Andrew Bartlett | 2011-07-20 | 1 | -0/+49
| This will allow a gradual conversion of the required elements from the current struct auth_serversupplied_info. This commit adds the structure definition and some helper functions to copy between the two structures. At this stage these structures and functions are IDENTICAL to the existing code, and so show the past history of that code. The plan is to slowly modify them over the course of the patch series, so that the changes being made are clear. By using a separate structure to auth_serversupplied_info we can remove elements that are not needed after the authentication, and we can choose a layout that best reflects the needs of runtime users, rather than the internals of the authentication subsystem. By eventually using the auth_session_info from auth.idl, we will gain a single session authorization structure across the whole codebase, allowing more code to be shared, and a much more transparent process for forwarding authorization credentials over the named pipe proxy. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Rename user_session_key -> session_key to match auth_session_info | Andrew Bartlett | 2011-04-05 | 1 | -1/+1
|
* s3-auth: move auth prototypes to auth/proto.h. | Günther Deschner | 2011-03-30 | 1 | -0/+2
| Guenther
* s3-auth struct security_unix_token replaces UNIX_USER_TOKEN | Andrew Bartlett | 2011-03-01 | 1 | -1/+1
|
* s3-auth Remove unused pam_handle | Andrew Bartlett | 2011-02-10 | 1 | -2/+0
| Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Rename cryptic 'ptok' to security_token | Andrew Bartlett | 2011-02-10 | 1 | -1/+1
| This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth Fix typo in comment | Andrew Bartlett | 2010-09-11 | 1 | -1/+1
|
* s3:auth Remove NT_USER_TOKEN | Andrew Bartlett | 2010-09-11 | 1 | -1/+1
| The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derived structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3:auth Make Samba3 use the new common struct auth_usersupplied_info | Andrew Bartlett | 2010-08-14 | 1 | -22/+3
| This common structure will make it much easier to produce an auth module for s3compat that calls Samba4's auth subsystem. In order to make the link work properly (and not map twice), we mark both that we did try and map the user, as well as if we changed the user during the mapping. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-auth: Simplify how we free the auth_context | Simo Sorce | 2010-07-19 | 1 | -1/+0
| Turn the freeing function into a destructor and attach it to the auth_context. Make all callers TALLOC_FREE() the auth_context instead of calling the free function. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth Rename user_info->domain -> user_info->mapped.domain_name | Andrew Bartlett | 2010-06-07 | 1 | -1/+0
| This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
* s3:auth Rename user_info->client_domain -> user_info->client.domain_name | Andrew Bartlett | 2010-06-07 | 1 | -1/+1
| This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
* s3:auth fix header comment for internal_username -> mapped.account_name | Andrew Bartlett | 2010-06-07 | 1 | -1/+1
|
* s3:auth Rename user_info->internal_username -> user_info->mapped.account_name | Andrew Bartlett | 2010-06-07 | 1 | -1/+1
| This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
* s3:auth Rename user_info->smb_name -> user_info->client.account_name | Andrew Bartlett | 2010-06-07 | 1 | -1/+3
| This is closer to the structure I want for a common struct auth_usersupplied_info. Andrew Bartlett
* s3:auth remove unused structure member | Simo Sorce | 2010-06-07 | 1 | -4/+0
| sids are now completely handled using info3, remove dead code that fills server info sids and the structure members themselves Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth handle unix domain sids in samu | Simo Sorce | 2010-06-07 | 1 | -0/+12
| When we generate a user out of thin air we may end up adding sids that are not part of the sam domain (unix domain sids). Handle the case and preserve these sids as extra sids. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_info | Andrew Bartlett | 2010-06-01 | 1 | -1/+1
|
* s3-auth: add "system" bool flag to auth_serversupplied_info. | Günther Deschner | 2010-05-31 | 1 | -0/+1
| Guenther
* s3:auth Remove AUTH_NTLMSSP_STATE typedef. | Andrew Bartlett | 2010-05-31 | 1 | -1/+1
| typedefs are no longer preferred Samba style. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>
* s3:auth Make AUTH_NTLMSSP_STATE a private structure. | Andrew Bartlett | 2010-05-31 | 1 | -6/+1
| This makes it a little easier for it to be written in terms of GENSEC in future. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org>